620 million account details up for sale on the Dark Web?
A new hacked database is now reported to have gone live on the internet from the same hacker who had earlier released an additional 93 million user records from eight companies. The data includes users from GfyCat, a popular GIF hosting and sharing platform. The hacker is selling each database on Dream Market, an online darknet market. All the eight databases are priced at approx $9,400. The hacker is selling the data in return of Bitcoins.
The stolen information includes account holders’ names, e-mail addresses, and passwords. However, the passwords are hashed using md5. Earlier this month, the same hacker posted a batch of 16 websites that contained 620 million users. The second batch included eight websites and data of 127 million users. The second batch included
leaked user records from travel booking site Ixigo and 40 million from live-video streaming site YouNow.
A third round of data leaks is now up for sale on the Dark Web that contains online accounts of 92.76 million users. The details are stolen from eight online sites. The data is up for sale on the Dark Web’s Dream Market.
The hacker behind the attack goes by the name of Gnosticplayers and had earlier posted the third batch of data for sale. None of the hacked services on the list have admitted the security breach in the past.
Each new collection is getting smaller in terms of number of breached accounts. Many of the records include passwords in clear text format and banking information.
Here is the list of hacked websites, in order of the size of the breach:
– Pizap (60.8 million including Facebook user ID, password hash, email address)
– Jobandtalent (11 million including id, email, SHA1 encrypted password, password salt, first name, surname, current IP address)
– GfyCat (8 million including username, password hash, email)
– StoryBird (4 million including email, password, username)
– Legendas.tv (3.86 million including username, password in clear text, email, IP address)
– Onebip (2.6 million including user ID, name, email, password in cleartext, address, company info, phone number, PayPal and banking information)
– ClassPass 1.5 million including email, password hash, username, country, sex, full name)
– StreetEasy (1 million including username, email, password hash and salt)